[*] Binary protection state of policykit_cert
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of policykit_cert
jalr t9
move a0, v0
lw gp, 0x30(sp)
lw t9, -sym.imp.cert_prm_get_string(gp)
jalr t9
move a0, v0
lw gp, 0x30(sp)
lw a1, 0xb0(sp)
lw t9, -sym.policykit_cert_set_get_path(gp)
bal sym.policykit_cert_set_get_path
move a0, v0
move v1, v0
beqz v0, 0x5df8
lw gp, 0x30(sp)
beqz s3, 0x5e1c
lw t9, -sym.imp.cert_msg_init(gp)
lw t9, -0x7e40(gp)
jalr t9
move a0, v1
lw gp, 0x30(sp)
beq s4, s0, 0x5098
addiu v0, s0, 1
bnez s5, 0x4ee8
move s0, v0
lw v0, 0x4c(sp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, v0, -0x5438
lw gp, 0x30(sp)
move v1, v0
lw v0, 0x44(sp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
sw v1, 0x10(sp)
sw v1, 0x40(sp)
addiu a3, v0, -0x55fc
addiu a2, a2, -0x5ae4
addiu a1, zero, 0x10
jalr t9
move a0, zero
lw gp, 0x30(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
lw gp, 0x30(sp)
bnez v0, 0x5c20
--
lw gp, 0x30(sp)
addiu a1, zero, 2
lw t9, -sym.imp.cert_op_get_prm(gp)
jalr t9
move a0, v0
lw gp, 0x30(sp)
lw t9, -sym.imp.cert_prm_get_string(gp)
jalr t9
move a0, v0
lw gp, 0x30(sp)
b 0x5b20
lw t9, -sym.imp.cert_disable(gp)
bnez s3, 0x576c
lw t9, 0x3c(sp)
jalr t9
move a0, s6
lw gp, 0x30(sp)
lw a0, 0x48(sp)
addiu a1, zero, 1
lw t9, -sym.imp.g_string_free(gp)
jalr t9
addiu s3, zero, 1
b 0x4ffc
lw gp, 0x30(sp)
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, -0x5450
lw gp, 0x30(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x30(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x5d5c
lw gp, 0x30(sp)
lw t9, -sym.imp.cert_util_error_code_msg(gp)
--
sw ra, 0x24(sp)
sw a0, 0x28(sp)
jalr t9
move s0, a1
beq v0, s0, 0x5ec8
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_uid_root(gp)
jalr t9
nop
bne v0, s0, 0x5ee4
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_set_exit_flexible_set(gp)
jalr t9
addiu a0, sp, 0x28
lw ra, 0x24(sp)
lw s0, 0x20(sp)
jr ra
addiu sp, sp, 0x28
lw t9, -sym.imp.cert_set_get_uid(gp)
jalr t9
lw a0, 0x28(sp)
lw gp, 0x18(sp)
move a1, s0
move a2, v0
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, -0x53b0
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x5f74
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code_msg(gp)
--
move a0, s0
move a2, zero
lw t9, -sym.imp.g_strconcat(gp)
jalr t9
move a1, v0
move s0, v0
beqz v0, 0x6178
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_set_destroy(gp)
jalr t9
nop
lw ra, 0x2c(sp)
move v0, s0
lw s2, 0x28(sp)
lw s1, 0x24(sp)
lw s0, 0x20(sp)
jr ra
addiu sp, sp, 0x30
lw t9, -sym.imp.cert_set_get_uid(gp)
jalr t9
move a0, s0
lw gp, 0x18(sp)
move a3, v0
move a2, s2
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
move a1, s1
jalr t9
addiu a0, a0, -0x5374
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x6160
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code_msg(gp)
move a1, s0
jalr t9
addiu a0, zero, 7
move s0, zero
b 0x6054
lw gp, 0x18(sp)
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
move a1, s2
jalr t9
addiu a0, a0, -0x5334
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
beqz v0, 0x61a0
lw gp, 0x18(sp)
--
addiu a2, sp, 0x20
move a1, v0
jalr t9
move a0, zero
lw gp, 0x18(sp)
move s1, v0
lw t9, -sym.imp.cert_set_destroy(gp)
jalr t9
nop
lw a0, 0x24(sp)
lw v1, (s0)
lw gp, 0x18(sp)
bne a0, v1, 0x6338
move v0, s1
lw ra, 0x3c(sp)
lw s4, 0x38(sp)
lw s3, 0x34(sp)
lw s2, 0x30(sp)
lw s1, 0x2c(sp)
lw s0, 0x28(sp)
jr ra
addiu sp, sp, 0x40
b 0x6264
addiu s1, zero, 1
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
lw a1, 0x50(sp)
jalr t9
addiu a0, a0, -0x52f4
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s1, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x6320
lw gp, 0x18(sp)
--
jalr t9
move s0, a1
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_set_lookup(gp)
jalr t9
move a0, s1
beqz v0, 0x63d0
lw gp, 0x18(sp)
lw t9, -0x7fd4(gp)
move a1, s0
addiu t9, t9, 0x5e80
bal 0x5e80
move a0, v0
lw gp, 0x18(sp)
move s0, v0
lw t9, -sym.imp.cert_set_destroy(gp)
jalr t9
nop
lw ra, 0x2c(sp)
move v0, s0
lw s1, 0x28(sp)
lw s0, 0x24(sp)
jr ra
addiu sp, sp, 0x30
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
move a1, s1
jalr t9
addiu a0, a0, -0x5334
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x6444
lw gp, 0x18(sp)
--
lw t9, -sym.imp.cert_set_init_server(gp)
sw gp, 0x18(sp)
sw ra, 0x44(sp)
sw s6, 0x38(sp)
sw s3, 0x2c(sp)
sw s2, 0x28(sp)
sw s1, 0x24(sp)
sw s0, 0x20(sp)
sw fp, 0x40(sp)
sw s7, 0x3c(sp)
sw s5, 0x34(sp)
sw s4, 0x30(sp)
move s0, a0
move a0, a3
move s6, a3
move s1, a1
jalr t9
move s2, a2
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_set_names(gp)
jalr t9
nop
lw gp, 0x18(sp)
move s3, v0
beqz v0, 0x6620
lw t9, -sym.imp.g_strdup_printf(gp)
lw a0, -0x7fdc(gp)
move a2, s1
addiu a0, a0, -0x52bc
move a3, s2
jalr t9
move a1, s0
lw a0, (s3)
lw gp, 0x18(sp)
beqz a0, 0x6690
move s1, v0
lw s4, -0x7fdc(gp)
lw s5, -0x7fd4(gp)
lw s7, -0x7fdc(gp)
move s0, s3
move s2, zero
addiu s4, s4, -0x55fc
b 0x6550
addiu s5, s5, 0x5e80
jalr t9
nop
--
move a1, s2
addiu a2, sp, 0x20
jalr t9
move a0, s3
lw gp, 0x18(sp)
sltu s2, zero, v0
beqz s3, 0x67fc
lw t9, -sym.imp.cert_set_destroy_set(gp)
jalr t9
move a0, s3
lw gp, 0x18(sp)
lw t9, -0x7e40(gp)
jalr t9
move a0, s1
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_set_destroy(gp)
jalr t9
nop
b 0x6730
lw gp, 0x18(sp)
b 0x67a0
sw zero, 0x24(sp)
b 0x67e8
addiu s2, zero, 1
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
jalr t9
addiu a0, a0, -0x527c
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s2, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x68a0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code_msg(gp)
--
move s1, v0
move s3, v0
beqz v0, 0x6a30
lw gp, 0x18(sp)
lw a0, (v0)
beqz a0, 0x69dc
move s0, v0
b 0x6954
lw t9, -sym.imp.cert_set_lookup(gp)
jalr t9
addiu s0, s0, 4
bne v0, s2, 0x6944
lw gp, 0x18(sp)
addiu s1, s1, 1
lw a0, (s0)
beql a0, zero, 0x69e0
lw t9, -sym.imp.g_strfreev(gp)
lw t9, -sym.imp.cert_set_lookup(gp)
jalr t9
nop
lw gp, 0x18(sp)
move a0, v0
bnez v0, 0x6930
lw t9, -sym.imp.cert_set_get_uid(gp)
lw a0, -0x7fdc(gp)
lw t9, -sym.imp.g_strdup_printf(gp)
lw a1, (s0)
jalr t9
addiu a0, a0, -0x5244
lw gp, 0x18(sp)
addiu a1, zero, 0x10
move a0, zero
lw a3, -0x7fdc(gp)
lw a2, -0x7fdc(gp)
lw t9, -sym.imp.g_log(gp)
addiu a3, a3, -0x55fc
addiu a2, a2, -0x5ae4
sw v0, 0x10(sp)
jalr t9
move s0, v0
lw gp, 0x18(sp)
lw t9, -sym.imp.cert_util_error_code(gp)
jalr t9
nop
bnez v0, 0x6a18
lw gp, 0x18(sp)
[*] Function printf used 10 times policykit_cert
